Shouldn't TCP connections made to port 80 come from port 80 as well? Or what port do they usually come from when a regular user has a regular browser?
I wonder because I'd like to know whether I can limit incoming ports on my firewall.

2 Answers

First some basics. A socket consists of a source port and address, and a destination port and address. That socket describes a single line of communication. A socket describes one connection. When packets are received by the operating system, it looks at these bits of information to decide which application should get the packet. If you wish to see these connections, look at the output of netstat.

If everything destined for port 80 originated from port 80 then you could only ever have one connection between 2 IP addresses. In the real world we frequently want to have multiple connections open to a web (or other) server so we can retrieve things in parallel.

You should also consider the case of something doing network address translation (NAT) or, more descriptively and more common these days, Port Address Translation. It would be completely unacceptable to only allow one system behind the NAT device to make connections at a time. So source ports are assigned to each outgoing connection. The NAT device has to keep a translation table that keeps track of which port+address combinations on the outside belong to which port+address combinations on the inside.
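To see both points from the answer above in working code, here is an added example (not part of the original answer): it opens several parallel TCP connections to one local listener (standing in for a web server; the listening port is assumed to be whatever the OS hands out rather than 80) and shows that every connection gets its own source port, and it includes a toy PAT table (constructed for illustration, with a made-up public address 203.0.113.5) that gives each inside host+port its own outside port and maps replies back.

```python
import socket


def open_connections(n=5):
    """Open n parallel TCP connections to one local listener (stands in for a
    web server on port 80; the OS picks the port). Returns
    (server_port, [source port of each client connection])."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: OS picks a free listening port
    listener.listen(n)
    server_port = listener.getsockname()[1]
    clients, accepted = [], []
    for _ in range(n):
        c = socket.create_connection(("127.0.0.1", server_port))
        clients.append(c)
        conn, _peer = listener.accept()   # complete the handshake server-side
        accepted.append(conn)
    # Each client socket reports its own local (source) port via getsockname().
    # The OS must hand out a different one per connection so that the 4-tuple
    # (src addr, src port, dst addr, dst port) stays unique.
    source_ports = [c.getsockname()[1] for c in clients]
    for s in clients + accepted + [listener]:
        s.close()
    return server_port, source_ports


class PortNat:
    """Toy port-address-translation table (constructed for illustration):
    every inside (ip, port) gets its own outside port on one public address,
    and replies are mapped back through the same table."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (inside_ip, inside_port) -> outside_port
        self.back = {}   # outside_port -> (inside_ip, inside_port)

    def translate_out(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key not in self.out:           # first packet of a new connection
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def translate_in(self, outside_port):
        # Reply arriving at the public address: find the inside host, or None.
        return self.back.get(outside_port)
```

Running `open_connections()` prints nothing by itself; inspect the returned source ports and note that none of them equals the server port, which is why a firewall rule admitting only source port 80 would block ordinary browser traffic.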

+1. Surprisingly, this is something that quite a few people don't understand. I once worked with a network consultant who was light years ahead of me in skills and knowledge who didn't understand this.
– joeqwerty Oct 27 '09 at 22:42

Good answer. You included a lot more detail than I did.
– Bill Weiss Oct 28 '09 at 15:53